<?php
/**
 * Modify employee function
 *
 * Updates (modifies) an employee's profile information.
 *
 * @author Samantha Gobin <samanthagobin30@gmail.com>
 */
include_once 'UTerrorcode.php';
include_once 'UTcheckAuth.php';
include_once 'UTDBGlobal.php';
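/**
 * Update an employee's profile record on behalf of an authenticated manager.
 *
 * Steps, in order: reject empty required fields, authenticate the caller with
 * checkAuthentication(), resolve $userName to an empID, confirm that the
 * caller's own employee row has empStatus 'Manager', compare $dataHash with
 * the MD5 of the stored row (columns 1-9 concatenated), and only then run the
 * UPDATE.
 *
 * Caller-supplied values reach the database only as bound parameters; the
 * original string-built SQL let any quote character in a field rewrite the
 * statement. The caller's manager status is kept in its own variable so it no
 * longer overwrites the $empStatus value to be stored.
 *
 * Required fields are tested with empty(), so values such as "0" or 0 are
 * rejected as missing (this applies to $wage as well).
 *
 * @param mixed $userAuthName     Account name of the caller; passed to checkAuthentication().
 * @param mixed $userAuthPassHash Caller credential; passed to checkAuthentication().
 * @param mixed $userName         Account name (account.accName) of the employee to modify.
 * @param mixed $dataHash         MD5 hex digest of the employee row as the caller last saw it.
 * @param mixed $empFname         New first name.
 * @param mixed $empLname         New last name.
 * @param mixed $startDate        New start date.
 * @param mixed $endDate          New end date; null leaves the stored endDate untouched.
 * @param mixed $empStatus        New status for the employee being modified.
 * @param mixed $address          New address.
 * @param mixed $email            New e-mail address.
 * @param mixed $phoneNum         New phone number.
 * @param mixed $wage             New wage.
 * @return array Single-element array holding the result code:
 *               ErrorCode::failRead + N (100..1300) for an empty required field,
 *               ErrorCode::failRead + 300 when $userName matches no account,
 *               ErrorCode::authFailUpdate when authentication or the manager check fails,
 *               ErrorCode::integFailUpdate when the hash does not match,
 *               ErrorCode::successUpdate when the UPDATE was executed.
 */
function modifyEmployee($userAuthName, $userAuthPassHash, $userName, $dataHash, $empFname, $empLname, $startDate, $endDate, $empStatus, $address, $email, $phoneNum, $wage)
{
	global $dbaddress;
	global $dbuser;
	global $dbpassword;
	global $dbdatabasename;

	// Required-field checks. Offset 800 ($endDate) is intentionally absent:
	// the end date is optional.
	if (empty($userAuthName)) {
		return array(ErrorCode::failRead + 100);
	}
	if (empty($userAuthPassHash)) {
		return array(ErrorCode::failRead + 200);
	}
	if (empty($userName)) {
		return array(ErrorCode::failRead + 300);
	}
	if (empty($dataHash)) {
		return array(ErrorCode::failRead + 400);
	}
	if (empty($empFname)) {
		return array(ErrorCode::failRead + 500);
	}
	if (empty($empLname)) {
		return array(ErrorCode::failRead + 600);
	}
	if (empty($startDate)) {
		return array(ErrorCode::failRead + 700);
	}
	if (empty($empStatus)) {
		return array(ErrorCode::failRead + 900);
	}
	if (empty($address)) {
		return array(ErrorCode::failRead + 1000);
	}
	if (empty($email)) {
		return array(ErrorCode::failRead + 1100);
	}
	if (empty($phoneNum)) {
		return array(ErrorCode::failRead + 1200);
	}
	if (empty($wage)) {
		return array(ErrorCode::failRead + 1300);
	}

	if (checkAuthentication($userAuthName, $userAuthPassHash) != true) {
		return array(ErrorCode::authFailUpdate);
	}

	$conn = mysqli_connect($dbaddress, $dbuser, $dbpassword, $dbdatabasename);
	if (!$conn) {
		// NOTE(review): no dedicated "database unavailable" code is visible in
		// this file; the bare failRead code is used here. Confirm against
		// UTerrorcode.php.
		return array(ErrorCode::failRead);
	}

	$empID = _modifyEmployeeFetchValue(
		$conn,
		"SELECT empID FROM paradigmshift_dev.account WHERE accName = ?",
		$userName
	);

	if ($empID === null) {
		$error = 300 + ErrorCode::failRead;
	} else {
		// Authorization: the caller's own employee record must say 'Manager'.
		$managerID = _modifyEmployeeFetchValue(
			$conn,
			"SELECT empID FROM paradigmshift_dev.account WHERE accName = ?",
			$userAuthName
		);
		$managerStatus = null;
		if ($managerID !== null) {
			$managerStatus = _modifyEmployeeFetchValue(
				$conn,
				"SELECT empStatus FROM paradigmshift_dev.employees WHERE empID = ?",
				$managerID
			);
		}

		// Strict comparison, and a separate variable: reusing $empStatus here
		// would store the caller's status ('Manager') on the edited employee.
		if ($managerStatus === 'Manager') {
			// This read stays on the text protocol so every column arrives in
			// the same string form the stored-row hash has always been built
			// from; $empID is escaped because it is placed inside the literal.
			$safeEmpID = mysqli_real_escape_string($conn, (string) $empID);
			$result = mysqli_query($conn, "SELECT * from Employees WHERE empID = '$safeEmpID'");
			$row = $result ? mysqli_fetch_row($result) : null;
			if ($result) {
				mysqli_free_result($result);
			}

			if (!$row) {
				// No stored row to hash, so the submitted hash cannot match.
				$error = ErrorCode::integFailUpdate;
			} else {
				// MD5 is kept because the caller computes the same digest; it
				// looks like a stale-data check, not a secret — TODO confirm.
				$msg = $row[1] . $row[2] . $row[3] . $row[4] . $row[5] . $row[6] . $row[7] . $row[8] . $row[9];
				$hashMsg = hash('md5', $msg);

				// hash_equals() avoids loose "==" juggling of numeric-looking
				// hex digests such as "0e...".
				if (is_string($dataHash) && hash_equals($hashMsg, $dataHash)) {
					$assignments = 'empFname = ?, empLname = ?, startDate = ?';
					$values = array($empFname, $empLname, $startDate);
					if (!is_null($endDate)) {
						// The comma before endDate was missing in the
						// string-built statement, which made it invalid SQL.
						$assignments .= ', endDate = ?';
						$values[] = $endDate;
					}
					$assignments .= ', empStatus = ?, address = ?, email = ?, phoneNum = ?, wage = ?';
					array_push($values, $empStatus, $address, $email, $phoneNum, $wage, $empID);

					$updated = false;
					$stmt = mysqli_prepare($conn, "UPDATE Employees SET $assignments WHERE empID = ?");
					if ($stmt !== false) {
						mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
						$updated = mysqli_stmt_execute($stmt);
						mysqli_stmt_close($stmt);
					}

					// NOTE(review): no dedicated "update failed" code is visible
					// here; integFailUpdate is reused so a failed write is not
					// reported as success. Confirm against UTerrorcode.php.
					$error = $updated ? ErrorCode::successUpdate : ErrorCode::integFailUpdate;
				} else {
					$error = ErrorCode::integFailUpdate;
				}
			}
		} else {
			$error = ErrorCode::authFailUpdate;
		}
	}

	mysqli_close($conn);

	return array($error);
}

/**
 * Run a one-parameter SELECT as a prepared statement and return the first
 * column of the first row.
 *
 * @param mysqli $conn  Open connection.
 * @param string $sql   Statement containing exactly one "?" placeholder.
 * @param mixed  $param Value bound to the placeholder as a string.
 * @return mixed|null Column value, or null when no row matched or the statement failed.
 */
function _modifyEmployeeFetchValue($conn, $sql, $param)
{
	$stmt = mysqli_prepare($conn, $sql);
	if ($stmt === false) {
		return null;
	}

	$value = null;
	$found = false;
	mysqli_stmt_bind_param($stmt, 's', $param);
	if (mysqli_stmt_execute($stmt)) {
		mysqli_stmt_bind_result($stmt, $value);
		// mysqli_stmt_fetch() returns true for a row, null for none, false on error.
		$found = (mysqli_stmt_fetch($stmt) === true);
	}
	mysqli_stmt_close($stmt);

	return $found ? $value : null;
}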